The disclosing researcher writes:
I began to have a look at your software (suite) OpenNMS. Yesterday, I found that one could get Remote Code Execution (RCE) via malicious MQ messages
on the Horizon base station from a remote machine with minion credentials. At least that was the case I found quickly to be valid with respect to the role model.
Find attached a short write-up describing a little bit more on the exploitation steps.
The referenced write-up is included as a PDF attachment.